irinotes: src/notes/api/permissions/core.py@9864fe2067cd (annotated)

31 63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	1	"""
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	2	Permissions for core objects
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	3	"""
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	4	import logging
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	5
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	6	from rest_framework.permissions import IsAuthenticated
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	7
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	8	from notes.models import Session
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	9
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	10	logger = logging.getLogger(__name__)
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	11
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	12	class SessionPermission(IsAuthenticated):
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	13	"""
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	14	Pemissions for sessions
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	15	"""
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	16
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	17	def has_object_permission(self, request, view, obj):
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	18	return request.user == obj.owner
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	19
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	20	class NotePermission(IsAuthenticated):
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	21	"""
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	22	Permissions for notes
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	23	"""
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	24
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	25	def has_permission(self, request, view):
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	26	"""
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	27	Return `True` if permission is granted, `False` otherwise.
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	28	"""
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	29	is_authenticated = super().has_permission(request, view)
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	30	if not is_authenticated:
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	31	return False
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	32	session_ext_id = view.kwargs.get('session_ext_id')
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	33	if is_authenticated and session_ext_id:
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	34	return Session.objects.filter(ext_id=session_ext_id, owner=request.user).exists()
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	35	else:
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	36	return True
63be3ce389f7 improve api ymh <ymh.work@gmail.com> parents: diff changeset	37

author	ymh <ymh.work@gmail.com>
	Tue, 18 Jul 2017 17:08:27 +0200
changeset 117	9864fe2067cd
parent 31	63be3ce389f7
child 119	8ff8e2aee0f9
permissions	-rw-r--r--